4:["$","div",null,{"className":"flex flex-1 flex-col","children":[["$","$Lf",null,{}],["$","main",null,{"className":"flex flex-1 flex-col","children":[["$","article",null,{"className":"py-20","children":["$","div",null,{"className":"mx-auto w-full max-w-2xl px-6","children":[["$","$L10",null,{"href":"/blog","className":"inline-flex items-center gap-1.5 font-mono text-xs tracking-widest text-muted-foreground uppercase transition-colors hover:text-primary","children":[["$","$L11",null,{"ref":"$undefined","iconNode":[["path",{"d":"m12 19-7-7 7-7","key":"1l729n"}],["path",{"d":"M19 12H5","key":"x3x0zl"}]],"className":"lucide-arrow-left size-3.5"}],"Back to blog"]}],["$","div",null,{"className":"font-mono text-xs tracking-widest text-muted-foreground uppercase","children":"Explainer"}],["$","h1",null,{"className":"mt-3 font-serif text-3xl tracking-tight sm:text-4xl","children":"Known vs Novel Malware in Dependencies"}],["$","div",null,{"className":"mt-4 flex flex-wrap items-center gap-2 font-mono text-xs text-muted-foreground","children":["$undefined","$undefined","$undefined",["$","span",null,{"children":["· ","1 min read"]}]]}],["$","div",null,{"className":"space-y-5 [&_h2]:mt-12 [&_h2]:scroll-mt-24 [&_h2]:font-serif [&_h2]:text-2xl [&_h2]:tracking-tight [&_h2]:sm:text-3xl [&_h3]:mt-8 [&_h3]:font-serif [&_h3]:text-xl [&_h3]:tracking-tight [&_p]:text-base [&_p]:leading-relaxed [&_p]:text-foreground/85 [&_a]:text-primary [&_a]:underline [&_a]:underline-offset-2 [&_a:hover]:text-primary/70 [&_strong]:font-semibold [&_strong]:text-foreground [&_ul]:space-y-2 [&_ul]:pl-5 [&_li]:list-disc [&_li]:text-foreground/85 [&_li]:marker:text-foreground/30 [&_blockquote]:border-l-2 [&_blockquote]:border-primary/40 [&_blockquote]:pl-5 [&_blockquote]:text-foreground/70 [&_blockquote_p]:italic [&_code]:rounded-sm [&_code]:bg-muted [&_code]:px-1.5 [&_code]:py-0.5 [&_code]:font-mono [&_code]:text-[0.85em] mt-10 border-t border-foreground/15 pt-10","dangerouslySetInnerHTML":{"__html":"

There are two ways a package can be dangerous, and they need two different defences.

Known

Novel

Why both matter

What good novel detection looks like

See Verifi's detection → · Supply-chain 101 →

"}}],["$","div",null,{"className":"mt-12 border-t border-foreground/15 pt-8","children":[["$","div",null,{"className":"font-mono text-xs tracking-widest text-muted-foreground uppercase","children":"Related"}],["$","ul",null,{"className":"mt-3 space-y-2","children":[["$","li","/blog/malicious-install-scripts",{"children":["$","$L10",null,{"href":"/blog/malicious-install-scripts","className":"inline-flex items-center gap-1.5 text-base text-primary transition-colors hover:text-primary/70","children":["Malicious Install Scripts",["$","$L11",null,{"ref":"$undefined","iconNode":[["path",{"d":"M5 12h14","key":"1ays0h"}],["path",{"d":"m12 5 7 7-7 7","key":"xquz4c"}]],"className":"lucide-arrow-right size-3.5"}]]}]}],["$","li","/blog/software-supply-chain-security-101",{"children":["$","$L10",null,{"href":"/blog/software-supply-chain-security-101","className":"inline-flex items-center gap-1.5 text-base text-primary transition-colors hover:text-primary/70","children":["Software Supply-Chain Security 101",["$","$L11",null,{"ref":"$undefined","iconNode":"$4:props:children:1:props:children:0:props:children:props:children:5:props:children:1:props:children:0:props:children:props:children:1:props:iconNode","className":"lucide-arrow-right size-3.5"}]]}]}],["$","li","/platform",{"children":["$","$L10",null,{"href":"/platform","className":"inline-flex items-center gap-1.5 text-base text-primary transition-colors hover:text-primary/70","children":["The Verifi platform",["$","$L11",null,{"ref":"$undefined","iconNode":"$4:props:children:1:props:children:0:props:children:props:children:5:props:children:1:props:children:0:props:children:props:children:1:props:iconNode","className":"lucide-arrow-right size-3.5"}]]}]}]]}]]}]]}]}],["$","section",null,{"className":"border-t border-foreground/15 py-16","children":["$","div",null,{"className":"mx-auto w-full max-w-2xl px-6","children":[["$","div",null,{"className":"font-mono text-xs tracking-widest text-muted-foreground uppercase","children":"More from the blog"}],"$L12"]}]}]]}],"$L13"]}]

Known vs Novel Malware in Dependencies

Known

Novel

Why both matter

What good novel detection looks like

Dependency Confusion, Explained

Software Supply-Chain Security Glossary